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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1 . 11 4, including the fee set 
forth In 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1 .1 14, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on January 
15, 2008 has been entered. 

Response to Arguments 

2. Applicant's arguments with respect to claims 24-47 have been considered but 
are deemed to be not persuasive. After further search and a thorough examination of 
the present application, claims 25-47 remain rejected 

Applicant's argument towards independent claims 25, 33, 37, and 44 with 
reference to Cranor et al. {Platform for Privacy Preferences Syntax Specification, 
hereinafter Cranor) regarding the fact that Cranor does not disclose "a cooiiie-policy 
receipt based only on a user decision" as amended. 

The Examiner respectfully submits In particular in response to the Applicant's 
argument. Evidently, Applicant defines "a user decision" to consist of two types, i.e. one 
is generated directly from the user's input, and one is generated indirectly through a 
comparison between the privacy policy and user references ([Specification, Page 16, 
Lines 2-5]). 
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Accordingly, Cranor discloses the user agent sends out the requested data to the 
content provider after the receipt of a proposal received from said content provider. In 
addition, the user agent MUST include the agreementlD(s) it believes it is operating 
under to the content provider {[Section 3.3.4, Page 16]). Cranor defines the 
agreementlD(s) as a record of the agreement reached by the user agent and the 
content provider regarding if the privacy practices of the content provider matches the 
user's preferences or not {[Section 1,3, Pages 4-5\). This citation clearly anticipates the 
limitation of "cookie-policy receipt based only on a user decision" as amended by the 
Applicant. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 44-47 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Regarding claim 44, "a content provider apparatus adapted for.. " is being 
recited with multiple components, e.g. means for receiving a resource request, 
means for transnriitting a privacy policy, means for receiving a cookie-policy 
receipt, means for providing cookie. However, Applicant clearly states in the 
specification that "the means of the content provider 200 in Figure 6, i.e. I/O unit 
210, cookie generator 230, and database processor 240 can be implemented in 
software" ([Page 25, Lines 11-14]), thus confirms that these components are 
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indeed software components. Therefore, the claimed apparatus is directed to a 
software apparatus itself not a process occurring as a result of actually executing 
the software components, a machine programmed to operate in accordance with 
the software components, nor a manufacture structurally and functionally 
interconnected with the software components in a manner which enables the 
software components to carry out their functionalities. The claimed system is also 
not a combination of chemical compounds to be a composition of matter. As 
such, it fails to fall within a statutory category. It is, at best, functional descriptive 
material per se. 

Claims 45-47 fail to resolve the deficiencies of claim 44 since they only 
further limit the scope of claim 44. Hence, claims 45-47 are also rejected under 
35U.S.C, 101. 

The claims above lack the necessary physical articles or objects to 
constitute a machine or a manufacture within the meaning of 35 U.S.C. 101. 
They are clearly not a series of steps or acts to be a process nor are they a 
combination of chemical compounds to be a composition of matter. As such, they 
fail to fall within a statutory category. They are, at best, functional descriptive 
material perse. 

Descriptive material can be characterized as either "functional descriptive 
material" or "nonfunctional descriptive material." Both types of "descriptive 
material" are nonstatutory when claimed as descriptive material perse, 33 F.3d 
at 1360, 31 USPQ2d at 1759. When functional descriptive material is recorded 
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on some computer-readable medium, it becomes structurally and functionally 
interrelated to the medium and will be statutory in most cases since use of 
technology permits the function of the descriptive material to be realized. 
Compare In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 
1994) 

Merely claiming nonfunctional descriptive material, i.e., abstract ideas, 
stored on a computer-readable medium, in a computer, or on an electromagnetic 
carrier signal, does not make it statutory. See Diehr, 450 U.S. at 185-86, 209 
USPQ at 8 (noting that the claims for an algorithm in Benson were unpatentable 
as abstract ideas because "[t]he sole practical application of the algorithm was in 
connection with the programming of a general purpose computer.") 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate Paragraphs of 35 U.S.C. 102 that 
fomn the basis for the rejections under this Section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale In this country, nfiore than one year prior to the date of application for patent in the United 
States. 

6. Claims 25-30, 33-42 and 44-47, are rejected under 35 U.S.C. 102(b) as being 
anticipated by Cranor et al. {Platform for Privacy Preferences Syntax Specification, 
hereinafter Cranor). 
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Regarding claim 25, Cranor clearly shows and discloses a method of 
managing cookies in a data processing system ([Pages 4-5. Section 1.3]) 
comprising the steps of: 

a user agent requesting a resource associated with a cookie 

(proposal) from a content provider {home page of CoolCatalog, [Page 45, 

Appendix 4]). 

receiving a privacy policy associated with said cookie; and 
{CoolCatalog sends a proposal, including privacy practices, disclosures, 
and the data elements to which they apply, [Page 45, Appendix 4]). 

said user agent transmitting, in response to reception of said 
privacy policy associated with said cookie {receipt of a proposal, [Page 16, 
Section 3.3.4, Paragraph 1]), a cookie-policy receipt to said content 
provider, said cookie-policy receipt based only on a user decision, said 
user decision specifying whether a user associated with said user agent 
accepts that said content provider provides said cookie to user equipment 
associated with said user agent {agreementID / fingerprint of agreement, 
[Page 5, Section 1.3, Paragraph 4]). 

Regarding claim 26, Cranor further discloses a method wherein user 
agent transmitting said cookie-policy receipt {agreementlD/fingerprint of 
agreement, [Page 5, Section 1.3, Paragraph 4] in a resource fetch message (OK 
in case of acceptance, [Page 14, Section 3.3.1] or SRY in case of refusal [Page 
15, Section 3.3.3, Paragraph 1]). 
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Regarding claim 27, Cranor further discloses said user decision is 
determined by: 

said user agent comparing said privacy policy with user preference, 
said user preference specifying a cookie privacy policy accepted by said 
user {to determine whether to enter into an agreement. An agreement 
applies to all data exchanged between the user agent and service within a 
specified realm [Page 5, Section 1.3, Paragraph 2]); and 

said user agent generating said cookie-policy receipt based on said 
comparison {agreementlD/fingerprint of agreement, [Page 5, Section 1 .3, 
Paragraph 4]). 

Regarding claim 28, Cranor further discloses a method wherein if said 
received privacy policy does not match said user preference ([Page 5, Section 
1.3, Paragraph 4]), said method further comprising the steps of: 

said user agent presenting said received privacy policy for said 

user on said user equipment {shown to a human user)\ and 

said user agent generating said cookie-policy receipt in response to 
a user-input signal {agreementID / fingerprint of agreement). 

Regarding claim 29, Cranor further discloses wherein said user decision 
is determined by: 

said user agent presenting said received privacy policy for said 
user on said user equipment {shown to a human user); and 
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said user agent generating said cookie-policy receipt in response to 
a user-input signal {agreementID /fingerprint of agreement) 
Regarding claim 30, Cranor further discloses the step of authenticating 
said cookie-policy receipt with an authentication. key associated with said user 
agent {The MD5 algorithm is intended for digital signature applications, where a 
large file must be "compressed" in a secure manner before being encrypted with 
a private (secret) key under a public-key cryptosystem such as RSA or PGP, 
[Pages 41 -44, Appendix 2]). 

Regarding claim 33, Cranor clearly shows and discloses a method of 
providing cookies in a data processing system where in a user agent requests a 
resource associated with a cookie from a content provider ([Pages 4-5, Section 
1 .3]), said method comprising the steps of: 

receiving a resource request, wherein the resource is associated 
with a cookie from said content provider ([Page 45, Appendix 4, 
Paragraph 2]), 

transmitting a privacy policy associated with said cookie to said 
user agent ([Page 45, Appendix 4, Paragraph 4]); 

receiving a cookie-policy receipt based only on a user decision from 
said user agent (CoolCatalog sends a proposal, including privacy 
practices, disclosures, and the data elements to which they apply, [Page 
45, Appendix 4]); 
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said content provider providing, in response to reception of a 
cookie-policy receipt from said user agent {user agent sending out 
requested data including agreementID it is operating under to sen/er, 
[Page 16, Section 3.3.4. Paragraph 1]), said cookie to user equipment 
associated with said user agent if said cookie-policy receipt specifies that 
a user associated with said user agent accepts that said content provider 
provides said cookie to said user equipment {once the user lias accepted 
the agreement, the service will send the appropriate data elements, which 
are then saved transparently by the user agent, [Pages 10-11, Section 2, 
Scenario 5]). 

Regarding claim 34, Cranor further discloses a method wherein user 
agent transmitting said cookie-policy receipt in a resource fetch message (OK in 
case of acceptance, [Page 14, Section 3.3.1] orSRYin case of refusal [Page 16, 
Section 3.3.3, Paragraph 1]). 

Regarding claim 35, Cranor further discloses a method wherein, said 
cookie-policy receipt specifies that a user associated with said user agent 
accepts that said content provider provides said cookie to said user equipment 
{once the user has accepted the agreement, the sen/ice will send the appropriate 
data elements, which are then saved transparently by the user agent, [Pages 1 0- 
1 1 , Section 2, Scenario 5]). 

Regarding claim 36, Cranor further discloses a method wherein cookie 
policy receipt is generated based on a comparison between said privacy policy 



Application/Control Number: Page 10 

10/519,606 

Art Unit: 2165 

and user preference ([Page 5, Section 1.3, Paragraphs 3-4]) that specifies a 
cookie privacy policy accepted by said user {An agreement applies to all data 
exchanged between the user agent and sen/ice within a specified realm [Page 5,. 
Section 1.3, Paragraph 2]). 

Regarding claim 37, Cranor clearly shows and discloses a data 
processing system for requesting a resource associated with a cookie (data) from 
a content provider ([Pages 4-5, Section 1.3]), said data processing system 
comprising: 

a user agent ([Page 13, Section 3.2, Paragraph 1]), said user agent 
comprising: 

means for receiving a privacy policy associated with said 
cookie; ([Page 13, Section 3.2]) and 

means for transmitting {communicating to the sen/er using 
standard HTTP methods such as "GET" or "POST", [Page 1 3, 
Section 3.2, Paragraph 1]), in response to reception of a privacy 
policy associated with said cookie {receipt of a proposal, [Page 16, 
Section 3.3.4, Paragraph 1]), a cookie-policy receipt 
{agreement! D/fingerprint of agreement, [Page 5, Section 1.3, 
Paragraph 4]) to said content provider, said cookie-policy receipt 
based only on a user decision, said user decision specifying 
whether a user associated with said user agent accepts that said 
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content provider provides said cookie to user equipnnent associated 
with said user agent ([Page 5, Section 1 .3, Paragraph 4]). 

Regarding claim 38, Cranor further discloses that transmitting means 
{standard HTTP methods such as "GET" or "POSV, [Page 1 3, Section 3.2, 
Paragraph 1]) from user agent to content provider includes said cookie-policy 
receipt in a resource fetch message (OK in case of acceptance, [Page 14, 
Section 3.3.1] orSRYin case of refusal [Page 15, Section 3.3.3, Paragraph 1]). 

Regarding claim 39, Cranor further discloses a data processing system 
according comprising means for determining the user decision, said means for 
determining further comprising: 

means for comparing said received privacy policy with user 
preference to determine whether to enter into an agreement {An 
agreement applies to all data exchanged between the user agent and. 
sen/ice within a specified realm, [Page 5, Section 1 .3, Paragraph 2]). 

means for generating, connected to said comparing means, said 
cookie-policy receipt as a function of said comparing of said privacy policy 
with said user preference ([Page 5, Section 1 .3, Paragraphs 3-4]). 
Regarding claim 40, Cranor further discloses [Page 5, Section 1.3, 
Paragraph 4] a means for presenting said received privacy policy (proposal) for 
said user on said user equipment {shown to a human user), said generating 
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means being adapted for generating said cookie-policy receipt 
{agreementlD/fingerprint of agreement) in response to a user input signal. 

Regarding claim 41, Cranor further discloses means for determining the 
user decision, said means for determining further comprising: 

means for presenting said received privacy policy for said user on 
said user equipment {shown to a human user, [Page 5, Section 1.3, 
Paragraph 4]); and 

means for generating said cookie-policy receipt in response to a 
user input signal {agreementlD/fingerprint of agreement, [Page 5, 
Section 1 .3, Paragraph 4]). 

Regarding claim 42, Cranor further discloses a means to authenticate 
said cookie-policy receipt {agreementlD/fingerprint of agreement, [Page 5, 
. Section 1.3, Paragraph 4]) with an authentication key associated with said user 
agent {The MD5 algorithm is intended for digital signature applications, where a 
large file must be "compressed" in a secure manner before being encrypted with 
a private (secret) key under a public-key cryptosystem such as RSA or PGP, 
[Page 41 , Appendix 2]). 

Regarding claim 44, Cranor clearly shows and discloses a content 
provider apparatus adapted for providing a requested resource associated with a 
cookie to a user agent in a data processing system ([Pages 4-5, Section 1.3]), 
said content provider comprising: 
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means to receiving a resource request from said user agent ([Page 
9, Section 2, Scenario 1, Protocol Scenario]); 

means for transmitting a privacy policy associated with said cookie 
to said user agent {content/proposal is sent to user agent in a header, 
HTML header, or as referenced by URL, [Page 9, Section 2, Scenario 1, 
Protocol Scenario]); means for receiving a cookie-policy receipt based 
only on a user decision [Page 9, Section 2, Scenario 1 , Protocol 
Scenario]; and 

means for providing, in response to reception of a cookie-policy 
receipt {agreement! D/fingerprint of agreement, [Page 5, Section 1,3, 
Paragraph 4] from said user agent {user agent sending out requested data 
including agreementID it is operating under to server, [Page 16, Section 
3.3.4, Paragraph 1], said cookie to said user equipment associated with 
said user agent if said cookie-policy receipt {agreement! D/fingerprint of 
agreement, [Page 5, Section 1.3, Paragraph 4]) specifies that a use 
associated with said user agent accepts that said content provider 
provides said cookie to said user equipment {once the user has accepted 
the agreement, the sen/ice will send the appropriate data elements, which 
are then saved transparently by the user agent, [Pages 10-11, Section 2, 
Scenario 5]). 
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Regarding claim 45, Cranor further discloses that a content provider 
apparatus receiving said cookie-policy receipt {agreementlD/fingerprint of 
agreement, [Page 5, Section 1.3, Paragraph 4] in a resource fetch message (OK 
in case of acceptance, [Page 14, Section 3.3.1] or SRYin case of refusal [Page 
15, Section 3.3.3, Paragraph 1]). 

Regarding claim 46, Cranor further discloses means for providing said 
cookie-associated resource {content/proposal is sent to user agent in a lieader, 
HTML header, or as referenced by URL, [Page 9, Section 2, Scenario 1, Protocol 
Scenario]) if said cookie-policy receipt specifies that said user accepts that said 
content provider provides said cookie to said user equipment {once the user has 
accepted the agreement, the service will send the appropriate data elements, 
which are then saved transparently by the user agent, [Pages 10-11, Section 2, 
Scenario 5]). 

Regarding claim 47, Cranor further discloses a content provider 
apparatus wherein cookie policy receipt {agreementlD/fingerprint of agreement, 
[Page 5, Section 1.3, Paragraph 4]) is generated based on a comparison 
between said received privacy policy and user preference ([Page 5, Section 1.3, 
Paragraphs 3-4]) that specifies a cookie privacy policy accepted by said user {An 
agreement applies to all data exchanged between the user agent and service 
within a specified realm [Page 5, Section 1 .3, Paragraph 2]). 
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Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in Section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 31-32 and 43, are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Cranor in view of Mitchell et al. (Pat. No. US 6,959,420, filed on 
November 30, 2001 ; hereinafter Mitchell). 

Regarding claim 31 , Cranor does not specifically disclose the step of 
removing previously stored cookie(s) associated with requested resource in user 
equipment. 

Mitchell discloses a method to evaluate web site platform for privacy 
preferences policy wherein operation for web site to persist, retrieve (referred to 
as replay) or delete its cookie data in the set of cookies on the user's machine 
being done through user input via a prompt ((Column 7, Line 56 -> Column 8, 
Line 28]). 

It would have been obvious to a person with ordinary skills in the art at the 
time the invention was made to incorporate the teachings of Mitchell with the 
teachings of Cranor for the purpose of evaluating privacy policies provided by 
web sites to determine whether each side is permitted to perform operations 
(e.g., store, retrieve or delete) directed to cookies on a user's computer by 
comparing the privacy policy specified by the web site to the user's privacy 
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preferences and other specified information available on the client computer 
([Column 2, Lines 34-43] of Mitchell), 

Regarding claim 32, Mitchell further discloses ignoring a cookie request 
command transmitted from said content provider to said user agent if said 
cookie-policy receipt specifies that said user does not accept that said content 
provider provides said cookie to said user equipment {evaluating web site 
platform for privacy preferences policy wherein user's response to the prompt 
may be stored in association with a particular web site so that the user needs not 
again to be interrupted when this site is accessed, [Column 12, Lines 39-53]). 

Regarding claim 43, Mitchell further discloses removing a cookie 
associated with said requested resource from a storage in said user equipment if 
said cookie-policy receipt specifies that said user does not accept that said 
content provider provides said cookie to said user equipment {evaluation of web 
site platform with user's privacy preferences policy wherein there is a means for 
user agent to delete its cookie data in the set of cookies on the user's machine 
being done through user input via a prompt, [Column 7, Line 56 Column 8, 
Line 28]). 
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Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Gordon et al. (Patent No. US 7,137,009 B1)teaches a method for 
securing a cookie cache in a data processing system. 

Schran et al. (Pub. No. US 2002/0143770 Al) teaches a method for 
network administration and local administration of privacy protection criteria, 

Cranor et a!., "The Platform for Privacy/ Preferences 1,0 (P3P 1.0) 
Specification" teaches the implementation of interoperable P3P applications. 

The Examiner requests, in response to this Office action, support(s) must be 
shown for language added to any original claims on amendment and any new claims. 
That is, indicate support for newly added claim language by specifically pointing to 
page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the 
Examiner in prosecuting the application. 

When responding to this office action, Applicant is advised to clearly point out the 
patentable novelty which he or she thinks the claims present, in view of the state of the 
art disclosed by the references cited or the objections made. He or she must also show 
how the amendments avoid such references or objections See 37 CFR 1 .11 1(c). 
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Contact Information 



10. Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Son T. Hoang whose telephone number is (571) 270- 
1752. The Examiner can normally be reached on Monday - Friday (7:30 AM - 5:00 PM). 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Christian Chace can be reached on (571) 272-4190. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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